What is your usual approach to the sequence of safety classification vs software risk analysis activities? My interpretation would be to perform the software safety classification before ISO 14971 software risk analysis, because safety class (per clause 7 of IEC 62304) determines the level of risk management activities required.
My development projects that include software with ME devices start with a Hazard Analysis to see if the software can either contribute to unacceptable risks or will be allocate some element of controlling unacceptable risks. This is done before trying to evaluate the effectiveness of any non-software risk controls. So we don't do this
before starting our 14971 process, but rather as part of the process.
Sidebar: The 'sub-process' step in the diagram of 4.3 is IMO deceptive, because it implies that a rather complete evaluation of all non-software risk control measures is to be done before entering the medical software development process. Except for the circumstance where the initial design has a clear allocation and segregation of risks arising (between hardware and software) from the device (the first decision diamond in 4.3) , this isn't practical: modern ME devices with software generally have parallel development between hardware and software elements. A further complication is that the FDA guidance requires determination of the "Level of Concern" prior to the implementation of risk controls; it would be disadvantageous to have to generate a different set of deliverables for an FDA submission and European registration.
With a preliminary Hazard Analysis (an early step in our 14971 process), the determination of classification is possible.
For example, safety class A software does not require any of the risk management activities.
I don't think it is precisely correct to say this. It is true that there are fewer required development deliverables for class A, but unless there literally is no "P1" for a software failure the only way you could claim that Class A software doesn't result in unacceptable risk would be to do the RM activities to support this conclusion.